DNS

Dan Lukes dan at obluda.cz
Mon Apr 23 11:15:49 CEST 2007


> Hello, does anyone know why BIND does not return aliased DNS records for me?
> 
> To be specific, I use FreeBSD 6.2, and after installing and configuring the DNS
> server, BIND does not resolve CNAME records – for example:
> ping www.microsoft.com – cannot resolve … unknown host

	It also just occurred to me - the record for www.microsoft.com really is faulty:

www.microsoft.com.        IN CNAME toggle.www.ms.akadns.net.
toggle.www.ms.akadns.net. IN CNAME g.www.ms.akadns.net.
g.www.ms.akadns.net.      IN CNAME lb1.www.ms.akadns.net.
lb1.www.ms.akadns.net.    IN A     207.46.225.60
...

The other problematic record mentioned, avupdate.f-secure.com, is likewise faulty:

avupdate.f-secure.com.    IN CNAME  avupdate.f-secure.com.edgesuite.net.
avupdate.f-secure.com.edgesuite.net. IN CNAME a1332.g.akamai.net.
a1332.g.akamai.net.       IN A      195.113.232.88


	Why is it faulty?

RFC1034 (a twenty-year-old RFC that governs what should be in the DNS and 
how) says in section 3.6.2:

  --------------
Domain names in RRs which point at another name should always point at
the primary name and not the alias.  This avoids extra indirections in
accessing information.  For example, the address to name RR for the
above host should be:

     52.0.0.10.IN-ADDR.ARPA  IN      PTR     C.ISI.EDU

rather than pointing at USC-ISIC.ARPA.  Of course, by the robustness
principle, domain software should not fail when presented with CNAME
chains or loops; CNAME chains should be followed and CNAME loops
signalled as an error.
  ----------------

	Loosely interpreted - pointing a CNAME at a CNAME is not allowed. At the same 
time, the DNS server is required to cope with such an error.

	This means that in this case the problem is faulty DNS together with a 
bug in BIND - and only these two errors together cause the observed 
effect.

	The solution is to fix BOTH errors.

						Dan
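
The behaviour quoted from RFC 1034 section 3.6.2 in the message above (follow CNAME chains, signal CNAME loops as an error), as an added example that is not part of the original post. The `resolve` and `cname_to_cname` helpers, the in-memory `ZONE` table, the `max_hops` limit and the `loop-a`/`loop-b` records are assumptions constructed for illustration; the other records are the ones listed in the message.

```python
# Added example: follow CNAME chains and signal loops (RFC 1034, section 3.6.2).
# ZONE is a constructed in-memory record table, not a live DNS lookup.

class CnameLoopError(Exception):
    """Raised when a CNAME chain returns to a name already visited."""

# Records copied from the message; the loop-a/loop-b pair is constructed.
ZONE = {
    "www.microsoft.com.": ("CNAME", "toggle.www.ms.akadns.net."),
    "toggle.www.ms.akadns.net.": ("CNAME", "g.www.ms.akadns.net."),
    "g.www.ms.akadns.net.": ("CNAME", "lb1.www.ms.akadns.net."),
    "lb1.www.ms.akadns.net.": ("A", "207.46.225.60"),
    "avupdate.f-secure.com.": ("CNAME", "avupdate.f-secure.com.edgesuite.net."),
    "avupdate.f-secure.com.edgesuite.net.": ("CNAME", "a1332.g.akamai.net."),
    "a1332.g.akamai.net.": ("A", "195.113.232.88"),
    "loop-a.example.": ("CNAME", "loop-b.example."),
    "loop-b.example.": ("CNAME", "loop-a.example."),
}

def normalize(name):
    """DNS names compare case-insensitively; use the fully qualified form."""
    name = name.lower()
    return name if name.endswith(".") else name + "."

def resolve(name, zone=ZONE, max_hops=16):
    """Return (address, aliases traversed); raise CnameLoopError on a loop."""
    current = normalize(name)
    chain = []      # every alias followed, in order
    seen = set()    # names already visited, used for loop detection
    while True:
        if current in seen:
            raise CnameLoopError(" -> ".join(chain + [current]))
        seen.add(current)
        if current not in zone:
            raise LookupError("no record for " + current)
        rtype, target = zone[current]
        if rtype == "A":
            return target, chain
        chain.append(current)
        if len(chain) > max_hops:  # assumed safety limit on chain length
            raise LookupError("CNAME chain too long at " + current)
        current = normalize(target)

def cname_to_cname(zone=ZONE):
    """List aliases whose target is itself an alias (the pattern flagged above)."""
    return sorted(n for n, (t, v) in zone.items()
                  if t == "CNAME" and zone.get(normalize(v), ("", ""))[0] == "CNAME")
```
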
